otplib icon indicating copy to clipboard operation
otplib copied to clipboard
verified publisher icon yeojz

authenticator always return invalid token when Window OPTION is set to 0

Open gargbhupinder opened this issue 5 years ago • 3 comments

Describe the bug window option value is set to 0. Now when I try to verify otp using totp.check function, it always returns false.

when I changed value of window from 0 -> 1. Everything starts working.

To Reproduce Steps to reproduce the behavior:

  1. Set value of window option (TOTP Options) to 0.
  2. Restart your application. (I removed all node modules and re-installed them)
  3. generate and send otp using TOTP.
  4. Try verifying the otp using totp.check.
  5. It will return false, even when correct OTP is entered.

Expected behavior It should verify and allow the correct otp.

Screenshots If applicable, add screenshots to help explain your problem.

Details (please provide any relevant information):

My use Case I want to allow only latest OTP to be valid. for eg: a) I generated an otp which is valid for 5 mins. (assume it to be 1234) b) After a min I choose resend OTP option. (assume it to be 5678) c) now i have two otp valid for 3 to 4 more minutes. d) I want to allow only latest OTP as valid OTP. (only 5678 should be valid. 1234 should be invalid)

  • otplib version: ^12.0.1
  • os: linux
  • browser: chrom/firefox
  • node / yarn: node - 10.14.13
  • frameworks (if any): loopback

Additional context Add any other context about the problem here.

gargbhupinder avatar Jul 14 '20 04:07 gargbhupinder

@gargbhupinder by default, each OTP is only valid for 1 minute. Did you set the step option to allow for 5 minute intervals?

yeojz avatar Jul 16 '20 16:07 yeojz

@yeojz Thanks for getting back.

Current Config Values step value was set to 30. value for window is 0.

Correct me if I am wrong

Should i set:

(I will get different OTP if i choose resend option after 30s. Each otp will be valid for 5 mins) Step = 30; window = 10;

OR

(I will get same OTP if i choose resend option within 5 min of interval. Otp will be valid for 5 mins) Step = 300 window = 0;

gargbhupinder avatar Jul 19 '20 05:07 gargbhupinder

@yeojz Can you please help.

I want an OTP valid for 5 mins. If I resend OTP before 5 mins, only the latest OTP should be valid.

Can you please tell me the value for STEP and WINDOW options for the above scenario?

gargbhupinder avatar Jul 24 '20 02:07 gargbhupinder